Getting StartedSecurity Trace

Security Trace

The Security Trace Tool (transaction ST01) provides a way to trace the complete sequence of security checks for transaction. Since all checks are displayed, this is a much more foolproof way to investigating potential issues.

The trace needs to be set in the same application server as the user before transaction start. We can check this through SM51 . From the initial screen of ST01, we enter appropriate filter conditions for our trace, mostly this is the user for whom we are checking access, and click the “trace on” button.

ST01 - Initial Screen
ST01 - Initial Screen

The user now executes the sequence of actions to replicate the error. At this point, we click the analysis button, select appropriate filter criteria for the trace file and finally display the trace file itself.

ST01 - Trace Analysis
ST01 - Trace Analysis
ST01 - Trace Display
ST01 - Trace Display

14 thoughts on “Security Trace

  • Hi Aninda,

    Can you just list down the return codes of ST01 with their description.

    Regards,

    Sai

    Reply
    • Hi Sai,

      I have come across three return codes. There might be others as well. Not absolutely sure

      RC= 0 Check for authorization successful.
      RC= 4 Check for authorization unsuccessful. User has authorization object in his user buffer but with different values than what are checked.
      RC= 12 Check for authorization unsuccessful. User doesn’t have authorization object in user buffer.

      Regards,
      Aninda

      Reply
  • Hi

    First of all i would like to thanks of the excellent stuff.

    Return codes of System Trace is as follows:-

    0 = Authorization check passed
    1 = No authorization
    2 = Too many paramaters for authorization check
    3 = Object not contained in user buffer
    4 = No profile contained in user buffer
    6 = Authorization check incorrect
    7, 8, 9 = Invalid user buffer

    Regards

    Sachin

    Reply
    • Thanks to Sachin for coming up with the return codes. Other than 0, 4 and 12, I don’t remember seeing anything else:-)

      Reply
      • Radha Krishna (RK)

        Hi Sachin,

        Yeah. Even I have not seen those return codes other than 0, 4, 12. May be in future. 🙂

        Hi Aninda,

        It would have been much better if you have added the information (next steps) to find the missing object using return codes especially for freshers.

        Regards,
        R.K

        Reply
  • BATHI REDDY

    HI ANINDA
    CAN EXPLAIN ABT THE GENERAL FILITERS…

    BY

    BATHI

    Reply
    • I use general filters in ST01 to capture the trace for a single user. I am sure there will be other uses as well.

      Reply
  • Apoorv

    Could you any explain what are these return codes means with some example like 12 we say authorization unsuccessful and 0 no authorization .so when these other return codes appear i have never come accross them . Please explain in what conditions these return codes appear.

    Reply
  • Hi,

    Please explain same application server means, where we have to select this in tracing, could you provide a screenshot, if possible.

    Reply
    • Aninda

      You don’t choose app server in the ST01 transaction but via SM51. SM51 will allow you to check to which app server, a user is logged in. You then do a remote login to the same server via SM51 and run the trace.

      Reply
  • vishnu

    Aninda,

    One of my friend referred me to this amazing site.A vey usefull posts.

    I have one question.can you please explain me how to use the trace analysis screen to arrive at missing authorizations using RC.

    Reply
    • Aninda

      The options on the trace analysis screen are meant to filter the total data returned by the trace tool. A security failure would be indicated by a return code other than 0.

      Reply
  • Using AL08 Tcode also we can check the user in which server/instance logged in

    Reply
  • paone

    hi Aninda.. i would like to know one thing about troubleshooting a missing authorization ticket ,every time we need to take system trace or SU53 analysis is enough.. even though we can understand the analyisys of the ticket by using su53 screenshot, is there any need to take system trace or not?.. im just beginner not working in any org.. can u plz help me in this.. or give me a detail information about solving a ticket in ur future post asap.. i’ve tried in so many sites finally i found u.. expecting a valid reply..

    thanks in advance,
    regards,
    paONE

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *